Vulnerability Discovered in WooCommerce – NAB Transact < 2.1.2
https://www.themissinglink.com.au
NAB Transact is a WooCommerce plugin that allows you to use NAB Transact (Australia Bank) as a credit card processor. You can process Visa and Mastercard by default, and optionally accept American Express, UnionPay (UPOP), Diners Club and JCB after activation from NAB.
In version 2.1.0, there is a vulnerability that allows attackers to mark orders as fully paid and introduce arbitrary transaction numbers into the payment records by issuing a GET request to the affected endpoints.
The issue has been fixed in version 2.1.2, which is available now from the WooCommerce Plugin Repo.
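
Because the impact described above is orders marked as paid with arbitrary transaction numbers, a site that ran an affected version can audit for it by reconciling the shop's paid orders against the gateway's own transaction report. The following is an added example, not code from the plugin or from the original advisory; the record layouts, field names and sample values are constructed assumptions.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data (not real orders): orders the shop shows as paid.
SHOP_ORDERS = [
    {"order_id": 1001, "total": "49.95", "transaction_id": "TXN-A1"},
    {"order_id": 1002, "total": "120.00", "transaction_id": "TXN-FAKE"},
    {"order_id": 1003, "total": "80.00", "transaction_id": "TXN-A3"},
    {"order_id": 1004, "total": "15.00", "transaction_id": "TXN-A1"},
    {"order_id": 1005, "total": "20.00", "transaction_id": ""},
    {"order_id": 1006, "total": "30.00", "transaction_id": "TXN-A6"},
]

# Constructed sample data: approved transactions exported from the gateway.
GATEWAY_TXNS = [
    {"transaction_id": "TXN-A1", "amount": "49.95"},
    {"transaction_id": "TXN-A3", "amount": "8.00"},
    {"transaction_id": "TXN-A6", "amount": "30.0"},
]


def reconcile(orders, gateway_txns):
    """Return {order_id: reason} for paid orders the gateway does not back up."""
    amounts = {t["transaction_id"]: Decimal(t["amount"]) for t in gateway_txns}
    # How many paid orders claim each transaction id.
    uses = Counter(o["transaction_id"].strip() for o in orders)
    findings = {}
    for order in orders:
        oid = order["order_id"]
        txn_id = order["transaction_id"].strip()
        if not txn_id:
            findings[oid] = "marked paid without a transaction id"
        elif txn_id not in amounts:
            findings[oid] = "transaction id unknown to the gateway"
        elif uses[txn_id] > 1:
            # Every order sharing the id is listed; a reviewer decides which is real.
            findings[oid] = "transaction id shared by several orders"
        elif amounts[txn_id] != Decimal(order["total"]):
            findings[oid] = "order total differs from gateway amount"
    return findings


if __name__ == "__main__":
    for oid, reason in sorted(reconcile(SHOP_ORDERS, GATEWAY_TXNS).items()):
        print(oid, reason)
```

Any order it reports was marked paid without a matching gateway record and should be reviewed before fulfilment.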